Zeeways Matrimony CMS SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Zeeways Matrimony CMS, affecting all versions. This vulnerability allows unauthenticated attackers to manipulate database queries through the profile_list endpoint. Exploitation can be achieved by injecting SQL code via the up_cast, s_mother, and s_religion parameters. Attackers can use time-based or error-based techniques to extract sensitive information from the database.
Impact
Exploitation of this vulnerability allows for unauthorized database query manipulation, potentially leading to unauthorized data access or disclosure.
Reproduction
The vulnerability can be reproduced by sending a request to the profile_list endpoint with injected SQL payloads in the up_cast, s_mother, or s_religion parameters. The injected SQL can be crafted to extract database information using time-based or error-based SQL injection techniques.
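A detection check for the requests described above, added here as an example and not part of the original advisory or the vendor's code: it scans web access log lines for profile_list requests whose up_cast, s_mother or s_religion values carry SQL syntax or markers of time-based or error-based injection. The combined log format, parameters arriving in the query string, the /profile_list path and the indicator patterns are all assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory.
WATCHED_PARAMS = {"up_cast", "s_mother", "s_religion"}

# Indicator patterns are this example's assumptions, not from the advisory.
INDICATORS = {
    "time-based": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "sql-syntax": re.compile(r"'|--|/\*|\bunion\b.+\bselect\b", re.I),
}

# Combined log format: client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def scan_line(line):
    """Return (client, param, value, labels) findings for one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    client, target, _status = m.groups()
    url = urlsplit(target)
    if "profile_list" not in url.path:  # assumed: endpoint name appears in the path
        return []
    findings = []
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED_PARAMS:
            labels = [k for k, rx in INDICATORS.items() if rx.search(value)]
            if labels:
                findings.append((client, name, value, labels))
    return findings

def scan_log(text):
    return [f for line in text.splitlines() for f in scan_line(line)]

# Constructed sample lines (documentation IP ranges, hypothetical URL path).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /profile_list?up_cast=4&s_religion=2 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /profile_list?up_cast=4%27+AND+SLEEP(5)--+- HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:11 +0000] "GET /profile_list?s_mother=1%27+AND+EXTRACTVALUE(1,1)--+- HTTP/1.1" 500 312
198.51.100.7 - - [01/Jan/2024:10:00:20 +0000] "GET /search?q=o%27brien HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for client, param, value, labels in scan_log(SAMPLE_LOG):
        print(f"{client} {param}={value!r} -> {', '.join(labels)}")
```

Parameters sent in a POST body do not appear in a standard access log, so the same check would need to run where request bodies are visible, such as a WAF or application log.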
